03-01-2008 1:10 AM
Is it possible,that my password should not expiry at all?.
for dialog systems or system.
sri
03-01-2008 4:20 AM
Hello Sri,
The profile parameter login/password_expiration_time controls the expiry time of password. As long as this parameter is not maintained in the system profiles (dont confuse with Authorization profiles) in RZ10, you user password wont expire.
But the normal rule (atleast in production systems) is that
Users of the type DIALOG are not exempt from password epiration rules:
The profile parameter login/password_expiration_time controls this. the default value is 0 (number of days) and the maximum value is 1000. Normally we use a value of 30 days.
Also here is a link for Parameters with regards to login. Might be useful for you.
http://help.sap.com/saphelp_nw04s/helpdata/en/22/41c43ac23cef2fe10000000a114084/content.htm
Hope this helps.
Regards,
Prashant
03-01-2008 6:39 PM
Prashant,
if i go and change profile parameter login/password_expiration_time controls the expiry time of password
in RZ10, it will be applicable to all DIALOG users.
But i want it to restrict particular user...how it works over here
(user groups might come into picture...
sri
03-01-2008 4:23 AM
Also, if you are talking of users of the type system, password expiry rules (even if they are set) dont apply to them.
Password expiry rules also dont apply to user of type Service since these users are used for anonymopus logins i.e the user ID is shared amonst a group of people and hence the normal rule is that they have highly restricted access (display authorizations only).
Regards,
Prashant
03-02-2008 10:31 AM
Hello Sri,
No there is no praticular rule which allows you to group users together so that they cant be locked.
What ever rules we apply will be applicable to all the users of that type.
Infact a couple of days ago there was a discussion on the same issue in one of the threads raised by Julius Bussche (Moderator) in the Security Forum.
Try searching the thread with search criteria "Exceptions to the rule... idle users who are expected to be idle?".
You will get an insight on the issue.
Regards,
Prashant
03-02-2008 10:07 PM
For the record:
My question did not want to avoid changing the password, at whatever point in time.... nor for a specific user group.
It wanted to keep a secure user administration (of users in in decentral locations), without locking the user account for the reason of expected inactivity.
=> However, when the user logs on as expected, they should change the password (when it is expired) as per the policy, unless they exceed the expected period (or specific date...).
My case is specific to decentral end users.
Central administrators not wanting to change their passwords (as per a system policy) are a different case.
Kind regards,
Julius
Edited by: Julius Bussche on Mar 2, 2008 11:55 PM
03-03-2008 3:54 AM
Yes ofcourse Julius i did get the scope of our discussion on your thread. I just wanted Sri to get an insight on this instead of looking for a solution on having a user whose password would not expire at all (just in case he wanted to use the RZ10 parameter as mentioned above). But he too understands very the implications of such a change (as all administrators do ).
Regards,
Prashant